CN112966036B - Method for constructing main data service based on logic model - Google Patents
- Publication number
- CN112966036B (application number CN202110261452.5A)
- Authority
- CN
- China
- Prior art keywords
- data
- service
- main data
- authorization
- service based
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/252—Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2457—Query processing with adaptation to user needs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a method for constructing a master data service based on a logical model, and belongs to the technical field of software architecture. The method dynamically generates the response message according to the identity type of the target service object and the access permission conditions, so that a query of the master data, or of its change history, completes in a single call. It verifies the business system's permission to change records and data fields according to the identity type of the target service object and the change permission conditions, and rejects unauthorized insert and update operations. The method supports opening and updating master data across multiple levels and multiple departments, achieves dynamic updating, freshness and secure release of master data without hidden risks, and has good value for popularization and application.
Description
Technical Field
The invention relates to the technical field of software architecture, and particularly provides a method for constructing a main data service based on a logic model.
Background
Master data is generally opened in one of two modes. In the first, the data is compiled centrally and released periodically; this suits master data whose change frequency is controlled, and a release can be used for a period of time afterwards. In the second, the data is published through a service interface; this suits master data that changes frequently, and a service system can change and query the master data in real time.
The requirements of the master data project are complex and cannot be met by traditional schemes. They are listed below:
1) The master database mainly manages service object information, with dozens of service object identity types in all;
2) Each identity type comprises hundreds of fields; different identity types have fields unique to them as well as fields that overlap; and the fields contained in an identity type can change frequently as the business develops;
3) Each service object has one or more identity types, and these can change as business is handled;
4) The service system does not know the identity type of a service object before querying, so it cannot directly call an interface for a specific identity type;
5) Reads and writes of data fields by the service system are controlled according to preset permissions: isolation levels are defined for the various fields, and access is restricted through those isolation levels.
The traditional master data service design cannot support multiple identities for one service object, and it is not feasible to design a separate interface for every permutation and combination of data structures. Even if such interfaces were designed, the caller would need several interactions, first obtaining the identity types and then calling the corresponding interfaces, which is inefficient and greatly increases the demands on the network and servers.
Disclosure of Invention
The technical task of the invention is, in view of the problems above, to provide a method for constructing a master data service based on a logical model that supports opening and updating master data across multiple levels and multiple departments, and achieves dynamic updating, freshness and secure release of master data without hidden risks.
To achieve this purpose, the invention provides the following technical solution:
A method for constructing a master data service based on a logical model dynamically generates the response message according to the identity type of the target service object and the access permission conditions, so that a query of the master data, or of its change history, completes in a single call. It verifies the business system's permission to change records and data fields according to the identity type of the target service object and the change permission conditions, and rejects unauthorized insert and update operations.
The access permission comprises identity type and jurisdiction. The change permission comprises identity type and district.
Preferably, the method for constructing a master data service based on a logic model specifically includes the following steps:
S1, model definition optimization: logical models are introduced to describe the service objects, and each logical model comprises a plurality of submodels or a plurality of standard data source fields;
S2, authorization mode: comprising service authorization and data authorization;
S3, service implementation: the service system calls the query interface to implement the service.
Preferably, in step S1, repeated configuration operations are avoided by defining logical submodels.
By defining general-purpose logical submodels, repeated configuration is avoided when defining different models, which improves configuration efficiency and reduces configuration errors.
Preferably, the name, type, size and dictionary information of the data fields are specified by the data element standard.
The data element standard specifies information such as data field names, types, sizes and dictionaries.
Preferably, the data elements used in the logical models are superimposed and deduplicated, and a physical model is built from them to obtain a physical table that stores service object data of all types.
Preferably, service authorization is performed by connecting to the shared service gateway, which authorizes the query interface, the change interface and the history interface independently.
Preferably, data authorization restricts the range of data accessed in the interface, and supports granting read/write permission according to the type of the service object and the administrative division where the service object is located.
Service authorization cannot restrict the data accessed within an interface; the range of data accessed within an interface is restricted by data authorization. The design supports several data authorization modes, including:
1. Granting read/write permission according to the service object type;
2. Granting read/write permission according to the administrative division of the service object;
3. Where the business requires it, a submodel or even an individual data element field can be used when configuring service authorization to provide finer-grained authorization; granting a business system read/write permission on a submodel or data element field is supported;
4. Other authorization requirements can be added flexibly according to business requirements.
Preferably, in step S3, after OAuth2 authentication the Scope in the returned data supports the query interface. On receiving a request, the query interface queries records from the database through the index field, with the partition as a condition. If there is no matching record, it returns directly. Otherwise the data elements are matched against the authorized model and combined into the returned JSON data structure; if the service object has multiple identities, multiple JSON sections are returned, and some general submodels are placed in separate sections according to business needs. Depending on business needs, the data records obtained by the first query can be stored in Redis; when a client handles several business transactions, subsequent queries obtain the data directly from Redis, which reduces database load, shortens response time and improves concurrent processing capacity.
In this method, the master data object is defined through a logical object model, and logical sub-objects and data elements can be mixed and flexibly configured, which simplifies configuration. Data fields in the interface are authorized through the logical object, including authorization at the finer granularity of logical sub-objects and data elements, and the data returned by the interface is assembled dynamically through the logical object, so that private data is protected.
Compared with the prior art, the method has the following outstanding beneficial effects: it achieves rapid modeling, flexible authorization configuration and dynamic return of interface data for a master data system with multiple object types and complex structure definitions; it comprehensively supports opening and updating master data across multiple levels and multiple departments in real business scenarios; it achieves dynamic updating, freshness and secure release of master data without hidden risks; and it has good value for popularization and application.
Drawings
FIG. 1 is a schematic diagram of a logical modeling of a primary data object of the method of building a primary data service based on a logical model according to the present invention;
FIG. 2 is a schematic diagram of the association relationship among the system, the logical model and the physical model of the method for constructing the master data service based on the logical model.
Detailed Description
The method for constructing a master data service based on a logic model according to the present invention will be described in further detail with reference to the accompanying drawings and embodiments.
Examples
As shown in FIG. 1 and FIG. 2, the method for constructing a master data service based on a logical model dynamically generates the response message according to the identity type of the target service object and the access permission conditions, so that a query of the master data, or of its change history, completes in a single call. It verifies the business system's permission to change records and data fields according to the identity type of the target service object and the change permission conditions, and rejects unauthorized insert and update operations. The access permission comprises identity type and jurisdiction. The change permission comprises identity type and district.
The method for constructing the main data service based on the logic model specifically comprises the following steps:
S1, model definition optimization: logical models are introduced to describe the service objects, and each logical model comprises a plurality of submodels or a plurality of standard data source fields.
By defining general-purpose logical submodels, repeated configuration is avoided when defining different models, which improves configuration efficiency and reduces configuration errors.
The data element standard specifies information such as data field names, types, sizes and dictionaries.
The data elements used in the logical models are superimposed and deduplicated, and a physical model is built from them to obtain a physical table that stores service object data of all types.
S2, an authorization mode: including service authorization and data authorization.
Access control on the service interfaces is provided to the service system by connecting to the shared service gateway, which supports the OAuth2.0 mode; the query interface, the change interface and the history record interface can each be authorized independently.
Service authorization cannot restrict the data accessed within an interface; the range of data accessed within an interface is restricted by data authorization. The design supports several data authorization modes, including:
1. Granting read/write permission according to the service object type;
2. Granting read/write permission according to the administrative division of the service object;
3. Where the business requires it, a submodel or even an individual data element field can be used when configuring service authorization to provide finer-grained authorization; granting a business system read/write permission on a submodel or data element field is supported;
4. Other authorization requirements can be added flexibly according to business requirements.
S3, service implementation: the service system calls the query interface to implement the service.
After OAuth2 authentication at the service gateway, the Scope in the returned data supports the query interface. On receiving a request, the query interface queries records from the database through the index field, with the partition as a condition. If there is no matching record, it returns directly. Otherwise the data elements are matched against the authorized model and combined into the returned JSON data structure; if the service object has multiple identities, multiple JSON sections are returned, and some general submodels are placed in separate sections according to business needs. Depending on business needs, the data records obtained by the first query can be stored in Redis; when a client handles several business transactions, subsequent queries obtain the data directly from Redis, which reduces database load, shortens response time and improves concurrent processing capacity.
In this method, the master data object is defined through a logical object model, and logical sub-objects and data elements can be mixed and flexibly configured, which simplifies configuration. Data fields in the interface are authorized through the logical object, including authorization at the finer granularity of logical sub-objects and data elements, and the data returned by the interface is assembled dynamically through the logical object, thereby protecting private data.
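The data authorization of S2 and the query and change handling of S3 can be sketched as follows. This is an added example, not code from the patent: the model, table and grant contents, the names `allowed_fields`, `query` and `update`, and the grant syntax (`submodel` or `submodel.field`) are all assumptions, and the OAuth2 Scope check is assumed to have already passed at the service gateway.

```python
import json

# Constructed logical models: identity type -> submodel -> data element fields.
MODELS = {
    "employee": {"base": ["id_no", "name"], "employment": ["employer", "salary"],
                 "contact": ["phone"]},
    "insured":  {"base": ["id_no", "name"], "insurance": ["plan", "balance"],
                 "contact": ["phone"]},
}
GENERAL_SUBMODELS = {"contact"}  # general submodels go into their own section

# Constructed physical table: one row per (service object, identity type),
# found by index field (id_no) with the administrative division as partition.
ROWS = [
    {"id_no": "A100", "identity": "employee", "region": "3701", "name": "Li",
     "employer": "Acme", "salary": 9000, "phone": "555-0100"},
    {"id_no": "A100", "identity": "insured", "region": "3701", "name": "Li",
     "plan": "basic", "balance": 1200, "phone": "555-0100"},
]

# Constructed data authorization for one business system. A grant entry is a
# whole submodel ("base") or a single data element field ("employment.employer").
GRANTS = {
    "hr_system": {
        "regions": {"3701"},
        "read": {"employee": {"base", "employment.employer", "contact"}},
        "write": {"employee": {"contact.phone"}},
    },
}


class Unauthorized(Exception):
    pass


def allowed_fields(system, identity, mode):
    """Expand submodel-level and field-level grants into (submodel, field) pairs."""
    grant = GRANTS.get(system, {}).get(mode, {}).get(identity, set())
    return {(sub, f) for sub, fields in MODELS.get(identity, {}).items()
            for f in fields if sub in grant or f"{sub}.{f}" in grant}


def region_granted(system, region):
    return region in GRANTS.get(system, {}).get("regions", set())


def query(system, id_no, region):
    """One call returns a section per authorized identity type (default deny)."""
    if not region_granted(system, region):
        return []
    sections, general = [], {}
    for row in ROWS:
        if row["id_no"] != id_no or row["region"] != region:
            continue
        fields = allowed_fields(system, row["identity"], "read")
        if not fields:
            continue  # identity type not granted: the whole section is omitted
        section = {"identity": row["identity"]}
        for sub, f in sorted(fields):
            target = general.setdefault(sub, {}) if sub in GENERAL_SUBMODELS else section
            target[f] = row[f]
        sections.append(section)
    if general:
        sections.append({"general": general})
    return sections


def update(system, id_no, region, identity, changes):
    """Reject the whole change if any field lacks write permission."""
    if not region_granted(system, region):
        raise Unauthorized("administrative division not granted")
    writable = {f for _, f in allowed_fields(system, identity, "write")}
    denied = sorted(set(changes) - writable)
    if denied:
        raise Unauthorized(f"no write permission for fields: {denied}")
    for row in ROWS:
        if (row["id_no"], row["region"], row["identity"]) == (id_no, region, identity):
            row.update(changes)
            return True
    return False  # no matching record


if __name__ == "__main__":
    print(json.dumps(query("hr_system", "A100", "3701"), indent=2))
```

If the Redis cache from the description is used, cache the raw record and run the same per-caller filter on every read; caching an already-assembled response would hand one business system's view to another.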
The above-described embodiments are merely preferred embodiments of the present invention, and general changes and substitutions by those skilled in the art within the technical scope of the present invention are included in the protection scope of the present invention.
Claims (6)
1. A method for constructing a master data service based on a logical model, characterized in that: a message is dynamically generated according to the identity type and the access permission conditions of the target service object, completing the query of the master data or the query of the change history; the business system's permission to change the record and the data fields is verified according to the identity type and the change permission conditions of the target service object; the method specifically comprises the following steps:
S1, model definition optimization: logical models are introduced to describe the service objects, and each logical model comprises a plurality of submodels or a plurality of standard data source fields;
S2, authorization mode: comprising service authorization and data authorization;
S3, service implementation: the service system implements the service; after authentication through the service gateway's OAuth2, the Scope in the returned data supports the query interface; after the query interface receives a request, it queries records from the database through the index field with the partition as a condition; if there is no matching record, it returns directly; the data elements are matched through the authorized model and combined into the returned JSON data structure; if a service object has multiple identities, multiple JSON sections are returned, and some general submodels are placed in separate sections according to service requirements.
2. The method of building a master data service based on a logical model according to claim 1, wherein: in step S1, repeated configuration operations are avoided by defining logical submodels.
3. The method of building a master data service based on a logical model according to claim 2, characterized by: the name, type, size and dictionary information of the data field are specified by the data element standard.
4. The method of building a master data service based on a logical model according to claim 3, wherein: the data elements used in the logical model are superimposed and deduplicated, and physical model modeling is performed to obtain a physical table for storing all types of service object data.
5. The method of building a master data service based on a logical model according to claim 4, wherein: the service authorization independently authorizes the query interface, the change interface and the history record interface by connecting to the shared service gateway.
6. The method of building a master data service based on a logical model according to claim 5, wherein: the data authorization restricts the range of data accessed in the interface, and supports granting read/write permission according to the service object type and the administrative division where the service object is located.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110261452.5A CN112966036B (en) | 2021-03-10 | 2021-03-10 | Method for constructing main data service based on logic model |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110261452.5A CN112966036B (en) | 2021-03-10 | 2021-03-10 | Method for constructing main data service based on logic model |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112966036A CN112966036A (en) | 2021-06-15 |
CN112966036B true CN112966036B (en) | 2023-02-21 |
Family
ID=76277099
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110261452.5A Active CN112966036B (en) | 2021-03-10 | 2021-03-10 | Method for constructing main data service based on logic model |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112966036B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114625769B (en) * | 2022-05-13 | 2022-08-16 | 工保科技(浙江)有限公司 | Method, system, device and medium for managing main data in multi-data-source scene |
CN117596157A (en) * | 2024-01-18 | 2024-02-23 | 厦门立林科技有限公司 | Dynamic construction method of object model |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101520869A (en) * | 2009-04-17 | 2009-09-02 | 武汉刻度科技发展有限公司 | Business logic object modeling method and device thereof |
WO2014048491A1 (en) * | 2012-09-28 | 2014-04-03 | Siemens Aktiengesellschaft | Apparatus and methods for providing building automation system data updates to a web client |
CN104737154A (en) * | 2012-10-18 | 2015-06-24 | 甲骨文国际公司 | Associated information propagation system |
CN106202452A (en) * | 2016-07-15 | 2016-12-07 | 复旦大学 | The uniform data resource management system of big data platform and method |
CN106651145A (en) * | 2016-11-28 | 2017-05-10 | 中广核核电运营有限公司 | Spare part management system and method |
CN110019314A (en) * | 2017-12-29 | 2019-07-16 | 中国移动通信集团湖南有限公司 | Dynamic data packaging method, client and server-side based on data item analysis |
CN110765337A (en) * | 2019-11-15 | 2020-02-07 | 中科院计算技术研究所大数据研究院 | Service providing method based on internet big data |
CN111459907A (en) * | 2020-03-04 | 2020-07-28 | 石化盈科信息技术有限责任公司 | Method, system and storage medium for configuring master data through model |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8356009B2 (en) * | 2006-09-15 | 2013-01-15 | International Business Machines Corporation | Implementation defined segments for relational database systems |
CN104361424B (en) * | 2014-10-11 | 2018-05-04 | 中国电子科技集团公司第十研究所 | Main data system integrated approach based on Enterprise Service Bus |
CN109508176B (en) * | 2018-07-20 | 2022-02-22 | 苏州百捷信息科技有限公司 | Data management platform for enterprise owners |
CN110147377B (en) * | 2019-05-29 | 2022-12-27 | 大连大学 | General query method based on secondary index under large-scale spatial data environment |
Non-Patent Citations (2)
Title |
---|
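Bank data warehouse system practice: master data model design; 潇湘隐者; 《博客园》 (cnblogs); 20201013; full text * |
Analysis of data management architecture for big data; 王军; 《现代工业经济和信息化》 (Modern Industrial Economy and Informationization); 20181024 (No. 10); full text * |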
Also Published As
Publication number | Publication date |
---|---|
CN112966036A (en) | 2021-06-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112966036B (en) | Method for constructing main data service based on logic model | |
CN107342992B (en) | System authority management method and device and computer readable storage medium | |
EP2405607A1 (en) | Privilege management system and method based on object | |
US8090853B2 (en) | Data access control | |
CN103095720B (en) | A kind of method for managing security of cloud storage system of dialogue-based management server | |
KR20080106220A (en) | Management and application of entitlements | |
CN106302492A (en) | A kind of access control method and system | |
CN114817901A (en) | Authority management method, related device and medium | |
CN108846755A (en) | A kind of right management method and device based on intelligent contract | |
CN109358874A (en) | Business rule update method, device, computer equipment and storage medium | |
CN114168930A (en) | Hive authority control method, device, equipment and readable storage medium | |
CN111988173A (en) | Tenant management platform and tenant management method based on multi-layer parent-child structure tenant | |
CN110334545B (en) | SQL-based permission control method and device and electronic equipment | |
CN114422197A (en) | Permission access control method and system based on policy management | |
US20240007458A1 (en) | Computer user credentialing and verification system | |
CN112100608A (en) | Multi-role authority control system and method | |
CN111310151A (en) | Distributed permission set-based permission management method, device and storage medium | |
CN115174177B (en) | Rights management method, device, electronic apparatus, storage medium, and program product | |
US8904557B2 (en) | Solution for continuous control and protection of enterprise data based on authorization projection | |
JPH05181734A (en) | Access right management control systems for data base and file system | |
CN111475802B (en) | Authority control method and device | |
CN114003877A (en) | Data access method, device, medium and electronic equipment of multi-tenant system | |
CN111737293A (en) | Data warehouse authority management method, device, equipment and storage medium | |
CN111680069A (en) | Database access method and device | |
CN111797382A (en) | Privilege account authority control management method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||